Select Few Users Being Logged Out Constantly

[Zachary Ball]

I need some assistance since i have exhausted all efforts here

I have, to my attention about 5-10 users who are constantly being logged out. There is a login box that will pop up which i have never seen on my end.

Now, I have spent countless hours reading all of the threads here that report it being a problem with cache, www or non www inconsistency and settings within the APC.

I have checked everything and still can't figure this out. I have timeout set at 60 which is max. Someone maybe shed some light? These users can't complete 1-2 tasks without being asked to log back in.

 

[Paul B]

The 60 minute setting in the ACP is just related to who shows as being online, it isn't related to session timeout, which is always 60 minutes.

However, any request will extend it, including requests such as draft saving, and if the window is focussed, a request will always be made that keeps the session alive.

Are they checking "Stay logged in" when they log in?

Is their IP address changing? If it is, the existing session won't be used but selecting the option to stay logged in adds a cookie which automatically recreates the session as needed.

It may be worth asking one of them for permission to log in to their account to see if you can reproduce it.

 

[Zachary Ball]

Hey Brogan,

The "stay logged in" button is selected by default on my website. I have checked thier account and only see one IP address unless that one continuously changes.

Anything else?

 

[Digital Doctor]

Ask them to try different computers and or different browsers.

 

[Zachary Ball]

Ask them to try different computers and or different browsers.

I have done this, did not work on Chrome or Mozilla for them. I don't think they will have a chance to try a different computer.

 

[Paul B]

If it's only affecting a few users then it's likely going to be an issue local to them.

It may be worth asking one of them for permission to log in to their account to see if you can reproduce it.

 

[Zachary Ball]

Update:

I now am getting users every 30 minutes to an hour having this issue. This is happening to pretty much everyone now and I am trying to figure out why.

 

[Digital Doctor]

Searching the forums ..... this happens alot.

Memcached was full - https://xenforo.com/community/threads/users-getting-logged-out.112428/#post-1037823

Are some links www.site.com and others site.com ? That will log you out. https://xenforo.com/community/threads/users-getting-logged-out-repeatedly.112370/#post-1037222

Some tips here - https://xenforo.com/community/threads/keep-logging-out-of-xf-with-chrome.22968/#post-286837

 

[Zachary Ball]

Already have been to those links and tried just about everything you have here. I was able to fix the issue by increasing memcached but it is acting up again today. Pretty much every action I or my users do, it logs us out and pops up a login box to yet again log in...

 

[Daniel Hood]

I was able to fix the issue by increasing memcached but it is acting up again today.

So, that pretty much confirms what the issue is. Your memcache is likely full again. So your options are to restart it and clear it out or increase the limit again. Increasing the limit every time you reach the limit is obviously a temporary fix.

 

[Zachary Ball]

That doesn't make sense.. It should not be filling or ever reaching full capacity. Literally just cleared it the other day so I think there is a deeper issue.

 

[Zachary Ball]

I have a few pages that aren't being displayed as secured and those seem to be the clicks that trigger the log out. My redirect for all pages to be secure is not working like it should. That is the problem, any fixes?

 

[Daniel Hood]

I have a few pages that aren't being displayed as secured and those seem to be the clicks that trigger the log out.

Yes, that would definitely cause it.

What kind of redirect are you doing? With out knowing your particular set up it's hard to give advice. Really the bigger problem is that they're linked to the insecure version at all, the redirect is handy if they try going to it manually but all of your internal links should be standardised so this shouldn't be that common of a problem.

 

[Zachary Ball]

#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I believe.. Also we are hosting the website on our own server.